OpenShift comes with an enforced security context design that aims to solve security issues a normal Kubernetes cluster ignores. In a non-prod environment, the default Kubernetes approach is capable of deploying a simple application and providing access to the service, but such a design often introduces challenges for enterprise companies like banks or telcos, which causes them to hesitate to migrate data to the cloud. Build an OpenShift Compatible Image: A normal Docker image that uses root-level actions like the following would cause trouble in OpenShift:

Continue reading

All config and commands in this blog have been verified and tested against the OpenShift 4.5 release. OpenShift 4.5 introduced a new way to deploy Kubernetes by using CoreOS with Ignition. This solution makes sure all nodes in a cluster share the same image, and end users are not encouraged to modify anything at the OS level; everything (NIC changes, troubleshooting, SSL injection) should be done through OpenShift itself by defining YAML (MachineConfig for OS files; nmstate can modify NICs).

Continue reading

Sometimes, if a VMware VM is shut down improperly, the filesystem may crash or have errors on the next reboot, and the / drive becomes read-only so that none of the software is usable at all. To fix this issue, we can simply force / to be remounted and forcibly repair the disk. For example, we have an Ubuntu server with a disk failure; if we check its mounted disks, we'll see / is read-only:
# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=1988484k,nr_inodes=497121,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=403992k,mode=755)
/dev/mapper/ubuntu--vg-ubuntu--lv on / type ext4 (ro,relatime,data=ordered)
and if we check its disk layout:

Continue reading

RedHat Certified System Engineer (EX300) is an advanced and extended exam from EX200. It tests what EX200 already covers and extends it to a more detailed and advanced level. Network Manager: Besides what we already know about using nmcli to configure networks, RHCE would like to see whether candidates understand how nmcli and the legacy script-based config work. Comparison of nm-settings and ifcfg-* Directives (table columns: nmcli con mod, ifcfg-* file, Effect): ipv4.

Continue reading

RedHat Certified System Administrator (EX200) is the first to acquire for most of the Red Hat advanced certificates (non-cloud, regular system admin path). Here are some hints and memos for learning and preparing for RHCSA. Link Files: ln can create hard links and soft links. ln newfile.txt /tmp/newfile-hlink2.txt will create a hard link of newfile.txt. A hard link means a full copy of the original file; the hard link file created by ln will exist even if the original file is deleted.

Continue reading

All config and commands in this blog have been verified and tested against the OpenShift 3.11 release. OpenShift is the Red Hat Container Platform; it mainly uses Kubernetes as its PaaS underlay and adds more features such as CI/CD, an app store, etc. How to Install: Similar to Kubespray, it uses a toolbox that has root access to all nodes and runs Ansible scripts to install and deploy everything. A few prerequisites before install:

Continue reading

Redhat Setup Hints

Red Hat has many modifications compared with other popular Linux distributions. Hostname: To change the hostname on Red Hat 7, it is as simple as issuing the following command, with no need to change hosts files one by one: hostnamectl set-hostname name. Network Manager: Red Hat uses NM to manage all interface settings, including IP, DNS and routes. Using the traditional scripts under /etc/sysconfig/network-scripts/ifcfg-* is also supported. To show the current interfaces: nmcli con show. To add a new interface profile with a static IP:

Continue reading

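Viewing man files:
nroff -man man/libnet.3 | less
Sometimes a man file is not in the system directory; in that case you can use the method above to view non-standard man files.
Running a program as a different user:
su - username -c "where/is/command/line"
Sometimes you need to run a program under a special identity; su can do that.
Extracting a bz file:
tar -jvxf some.bz
Just change tar's zvxf to jvxf.
Making changes to /etc/inittab take effect immediately after editing: run init q
Making Linux run several commands in sequence and stop on error:
command1 && command2 && command3 ….
Managing bg and fg in Linux: When we press ctrl+z, a task is suspended (that is, paused) and a number is returned on the screen. We can then use "bg %number" to put this process into the background. This is a good way to recover when you forgot to add &. Likewise, "fg %number" brings the process back to the foreground. The jobs command shows the processes currently in the background.
ctrl+s and ctrl+q: ctrl-s seems to be something inherited from the terminal era: flow control, used to pause sending data to the terminal. ctrl-q is used to resume.
Directory size script: save it as total.sh, then run total.sh with an absolute path, and it reports the sizes of the directories under that path.
#!/bin/sh
# $1 is the directory to summarize; print each subdirectory's size in MB, smallest first
du "$1" --max-depth=1 | sort -n | awk '{printf "%7.2fM ----> %s\n",$1/1024,$2}' | sed 's:/.*/\([^/]\{1,\}\):\1:g'
Keeping grep from showing its own process:
ps -aux|grep httpd|grep -v grep
Piping through grep -v grep once more hides the grep process you ran yourself; the -v option excludes lines that match the listed process name.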

Continue reading


Charles

Love coding and new technologies

Cloud Solution Consultant

Canada